from the FBI's-dystopian-fiction-develops-another-plot-hole dept

The FBI continues to push its "going dark" theory. It's not interested in the truth. It would rather have a legislative mandate or a string of favorable court decisions than utilize options vendors have made available. These are the candles the FBI will forgo to publicly curse the darkness. A recent Inspector General's report made it crystal clear: those charged with finding a way to crack open the San Bernardino shooter's cell phone slow-walked their search in hopes of ending up with a judicial mandate forcing Apple to crack its own encryption.

The complaints about the darkness continue, even as vendors like Cellebrite have shown they can crack any iPhone given enough money and time. There are solutions out there, but the FBI doesn't want them. Cellebrite isn't the only company with an iPhone crack for sale. As Joseph Cox reports for Motherboard, another device has surfaced that can brute force its way past iPhone lock screens. The FBI may continue its disingenuous push for weakened encryption, but law enforcement agencies around the nation are more than willing to pay for a solution that doesn't involve Congressional reps or federal judges.

"I attended your demo presentation recently held at the Montgomery County Police Headquarters and was pleased by your product's potential," an Assistant Commander from the Technical Investigations Section at the Maryland State Police wrote in an email to Grayshift in March.

The GrayKey itself is a small, 4x4 inches box with two lightning cables for connecting iPhones, according to photographs published by cybersecurity firm Malwarebytes. The device comes in two versions: a $15,000 one which requires online connectivity and allows 300 unlocks (or $50 per phone), and and an offline, $30,000 version which can crack as many iPhones as the customer wants. Marketing material seen byForbes says GrayKey can unlock devices running iterations of Apple's latest mobile operating system iOS 11, including on the iPhone X, Apple's most recent phone.

According to documents obtained by Motherboard, multiple state and local law enforcement agencies have purchased Grayshift's device. The documents also show many agencies expressing an interest in picking up a GrayKey, including some at the federal level, like the DEA and, oddly enough, the FBI. The FBI doesn't appear to have acquired one yet, but if that's the case, it's lagging behind local PDs with less funding and tech expertise. It's also trailing the State Department, which has already acquired at least one of the devices.

The device comes in two flavors: an online version with a fixed number of unlocks or an offline version that retails for twice as much ($30,000) but can be used as often as the purchaser wants (or until Apple fixes the vulnerability, whichever comes first). The brute force method deployed takes anywhere from 2 hours to several days, depending on passcode complexity.

"Going dark" is a convenient lie. The FBI has been deliberately misconstruing reality for a couple of years now, beginning with then-director James Comey's coining of the phrase. Even while Comey was peddling his "going dark" theory to security researchers, Congressional reps, and federal judges, the FBI was rarely having trouble accessing device contents. In 2016, the FBI admitted it could access the contents of passcode-protected devices 87% of the time. Somehow, despite only incremental changes in encryption offerings, the small number of locked devices has grown from ~880 to over 7,000 in two years. This suggests FBI officials are more interested in generating a "going dark" narrative than actually deploying available tech to access contents of seized devices.

The existence of another device capable of cracking iPhone encryption should be good news for the FBI. Other law enforcement agencies apparently view this as a plus. The downside for those not employed by the government is that there's a vulnerability in iPhones Apple hasn't fixed yet. And, given the intense secrecy surrounding vendors of exploits, we have no idea how many governments have purchased iPhone-cracking devices. It's unlikely Hacking Team is the only exploit vendor selling to authoritarian governments and UN-blacklisted countries. It's just the only one to have been caught doing it. An exploit is an exploit and it will be used by the good and the bad.

Not that relegating it to "good" law enforcement agencies is necessarily a huge improvement. Authoritarian regimes may use tools like this to go after critics and stifle dissent, but let's not forget the FBI has a long history of doing exactly the same thing under the guise of protecting public safety. And, at this point, the FBI isn't being honest about its weapons stockpiles during this Crypto Cold War. Sure, it needs to retain some sort of tactical advantage -- whether it's pursuing bad guys or legislation -- but it should never be granted full credibility when it talks about thousands of unlocked phones, the coming darkness, and how much security we should be forced to give up in the name of public safety.

from the and-for-how-long? dept

As smartphones and other mobile devices have gotten smarter and smarter, they've taken over more and more of most people's general computing needs, and the importance of the classic personal computer has waned. And so for some time the question has been: will the PC ever go away entirely? That's our topic this week as we try to figure out who really needs a PC these days, and when and if that will change.

from the not-so-smart-anymore? dept

Smartphones have been one of the most world-changing innovations of our time — and for a long time, smartphone design was a hotbed of innovation. But more recently that innovation seems to have stagnated. So where does this technology go next? That's the subject of this weeks episode, in which we try to figure out whether smartphone innovation is still happening.

"They would get the phone and lock themselves in their room and change who they were," he said.

With one of his sons, then 12, he thought the problem became bad enough to warrant taking the phone away.

"(With smartphones), the internet is always begging for your attention," he said. "The apps are all designed to addict you. ... For children, it's not a good thing."

Because parenting is hard, Farnum has decided to see if the state can't pick up his parenting slack. He has introduced a ballot measure that would ban retailers from selling phones to preteens, even indirectly. If this anesthesiologist can find 300,000 like-minded idiots willing to follow him into legislative infamy, his proposal could possibly become law.

To drum up support for his idea, Farnum has cobbled together a website that probably looks terrible on mobile devices. It certainly looks awful on the regular web.

And it's full of terribleness -- half-arguments and citation-less assertions, not exactly the sort of thing you'd expect from a board of directors composed of people with medical degrees. Here's just a few of the convincing arguments Farnum deploys:

Years from now parents will look back on our time and shake their heads and wonder how we allowed this atrocity. Allowing our children to be robbed of their carefree days of wonder, laughter, and normal natural development. Yes, they will wonder, didn't they see it?, didn't they see their children stop achieving, stop playing, stop laughing, ceasing to be free? Instead, isolating themselves in their rooms choosing soft and cushy electronic lives over their real ones. Didn't they see the damage?

Or:

Currently, parents are supposed to do everything, and the manufacturers, content and service providers, basically everyone in the whole industry gets a free pass. Parents are somehow supposed to be up to date on the current recommendations on usage from experts, and enforce these recommendations, plus guard their children everywhere they go. This is not only unfair, it is altogether impossible given the saturation of our children's environment.

Or:

The wild west free for all that we have now has left parents with little clear direction, and has caused incalculable damage to children. The American Academy of Pediatricians came out in 2000 with their recommendations, reaffirmed them in 2012, and yet parents are unaware, and children continue to be harmed.

FINALLY. A citation to something other than Farnum's gut instinct, or how the world should change to better accommodate his strained relationship with his sullen, withdrawn children. Something written by someone other than an anesthesiologist.

Or not. There's no link to these recommendations or direct quotes from any AAP report. It's as if Farnum believes you can just type something on the internet and readers are obligated to believe it.

The AAP recommends that parents and caregivers develop a family media plan that takes into account the health, education and entertainment needs of each child as well as the whole family.

“Families should proactively think about their children’s media use and talk with children about it, because too much media use can mean that children don’t have enough time during the day to play, study, talk, or sleep,” said Jenny Radesky, MD, FAAP, lead author of the policy statement, “Media and Young Minds,” which focuses on infants, toddlers and pre-school children. “What’s most important is that parents be their child’s ‘media mentor.’ That means teaching them how to use it as a tool to create, connect and learn.”

What a revolutionary idea: parents engaging in the act of parenting! But if that's not for you, there's Farnum's ballot measure [PDF], which is prefaced with phrasing guaranteeing it will never be taken seriously.

WE THE PARENTS AND CONCERNED CITIZENS OF THIS MOST MAGNIFICENT STATE THROUGH FIRST HAND EXPERIENCE AND MOUNTING SCIENTIFIC DATA HAVE COME TO BELIEVE THAT SMARTPHONES ARE ADDICTIVE, HARMFUL, AND DANGEROUS IN THE HANDS OF CHILDREN.

THE MANUFACTURES AND SERVICE PROVIDERS OF SMARTPHONES HAVE CONTINUED UNABATED TO PROMOTE THEIR USE IN A RECKLESS AND WANTON MANNER, WITH NO CONCERN FOR OUR CHILDREN'S HEALTH OR SAFETY.

OUR GOVERNMENT BODIES ON ALL LEVELS HAVE FAILED TO GRASP THE LEVEL OF ADDICTION, THE SEVERITY OF THE HARM, OR THE UNMENTIONABLE STARK DEPRAVITY OF THE DANGERS.

WE AS PARENTS FIND THIS MATTER TO BE SO WIDESPREAD, SO INSIDIOUS AND OF THE VERY HIGHEST PRIORITY. NO HALF MEASURES, INEFFECTUAL EDUCATION CAMPAIGNS, NEW APPLICATIONS, OR PROMISES FROM MEGA-CORPORATIONS OF IMPROVEMENT WILL SUFFICE TO CAUSE THE GREAT CHANGE NECESSARY TO RESCUE THIS AND GENERATIONS OF CHILDREN TO COME FROM THE CARELESS AND EXPERIMENTAL INTRODUCTION OF SIMILAR TECHNOLOGIC[AL] DEVICES AND ADVANCEMENTS BY PROFIT DRIVEN CORPORATIONS.

It's pretty much a conspiracy theorist's message board post, only with some nonsensical legislation attached. The proposal would require retailers to ask customers if they're buying phones for preteens and, apparently, refuse the sale if the answer is "yes." Retailers are also required to put up signage informing customers of the new state-enforced policy and train employees to dig into the details of customers' purchases. Then they'll have to turn this information over to the state.

(4) RETAILER SHALL VERBALLY INQUIRE ABOUT THE AGE OF INTENDED PRIMARY OWNER PRIOR TO COMPLETING THE SALE OF ANY SMARTPHONE.

(5) RETAILER MUST DOCUMENT THE RESPONSE OF PURCHASER AND KEEP A RECORD OF THIS RESPONSE.

(6) RETAILER MUST FILE A MONTHLY REPORT TO THE DEPARTMENT THAT PROVIDES A LISTING OF:

(a) THE TYPE OF PHONE THAT WAS PURCHASED EITHER SMARTPHONE OR CELLULAR

(b) THE AGE OF THE INTENDED PRIMARY OWNER AT TIME OF PURCHASE

This is a really disturbing addition, as it places smartphone sellers under a more pervasive form of regulation than sellers of other age-controlled items like alcohol, cigarettes, and porn. And it makes no sense at all to maintain these records, as the proposal contains no avenue of state recourse against parents who lie to retailers about the cellphone recipient's age.

Retailers who violate the law face steadily-increasing fines, starting at $500 and topping out at $20,000. Retailers are given an "affirmative defense" to use when accused of violating the law, but can only use this defense twice in a 24-month period. And it's not really an affirmative defense. It's really nothing more than a statement of compliance with mandated sales policy changes that can be used to shield the retailer from fines if it's determined to have violated the law.

Finally, to cap off the nonsense this is, Farnum's own site presents this contradictory argument:

It absolutely is a parents right to choose how to raise their child. But it is also our American parents right to form an alliance together and try to make manufacturers and service providers accountable for the mess they have created.

It is a parent's right to choose. Here's some legislation taking that choice away! And some sort of plan to collect reparations from local retailers for the evils perpetrated on society by manufacturers. Somehow this proposal managed to survive the scrutiny of state ballot officials, which doesn't say much for their judgment skills.

from the but-will-it-come-in-peace? dept

A couple of years ago, we wrote about Ruichuan IPR Funds, which seemed to be a rather odd kind of patent troll -- one that was essentially backed by the Chinese government. Since then, Ruichuan has dropped off the radar in the West, but there have been some important changes in its home country, as reported on the IAM blog:

China's first patent fund is now being run as part of the Xiaomi IP function, IAM can exclusively reveal. When last we reported on the Ruichuan IPR Funds its status was somewhat unclear. The fund's operator, an IP services firm called Zhigu, had apparently been merged with the smartphone company's in-house IP department, but there had been no official word on the move.

Techdirt wrote about Xiaomi -- sometimes called "China's Apple" -- last year. Although it has lost some of its initial shine, it's still a top Chinese company, and one that has global ambitions. As Techdirt readers know only too well, to stand a chance in the West's patent-saturated tech markets, new entrants need a patent portfolio to use as a bargaining counter, and Xiaomi has been busy acquiring one. In June of this year, Bloomberg reported the following:

The patents cover a range of wireless communications, video, cloud and multimedia technologies, spokeswoman Kaylene Hong said. The acquisition came as part of a broader agreement announced Wednesday with the U.S. software giant, under which Microsoft Office and Skype will come pre-installed on the Chinese smartphone maker devices.

The absorption of Ruichuan IPR Funds by Xiaomi -- which must have taken place with the Chinese government's approval -- is clearly part of the same strategy of bulking up in the patent department as it prepares to expand abroad. The big question is whether Xiaomi is planning to use its new portfolio purely defensively, so that it can sign cross-licensing deals, or whether it will start going on the offense and sue Western companies in their home markets too.

from the just-as-Techdirt-predicted dept

For many years now, Western governments have been complaining about China's supposed lack of respect for intellectual monopolies, and constantly pushing the country's politicians to tighten the legal framework protecting them. To anyone not blinded by an unquestioning belief in the virtues of copyright and patent maximalism, it was pretty clear where this strategy would end. Indeed, over five years ago, Mike warned where this was leading: towards China repeatedly punishing foreign companies to protect domestic Chinese firms -- in other words, leveraging patents as a tool for protectionism. A post on the IAM blog about legal action taken by the Chinese company BYD, one of Apple's suppliers, shows that Techdirt's predictions are well on the way to being realized:

Apple says BYD filed a pair of patent infringement suits in the Shenzhen Intermediate People’s Court alleging that the antennae in the iPhone 6 plus and various other Apple products infringe BYD’s intellectual property.

Five other defendants working with Apple were also sued -- four Chinese suppliers, and one Chinese distributor.

In effect, this is a patent attack on Apple's supply chain in China, and one that would be devastating for the US company if successful. The IAM post points out:

Of the seven final assembly facilities for iPhones, only one is outside of China (a Foxconn facility in Sao Paolo, Brazil). That means any company with valid Chinese patents that it thinks reads on Apple products potentially has a lot of leverage.

There are two crucial elements that make Apple so vulnerable here. First, the fact that its assembly facilities are concentrated in China, and secondly, because there's a Chinese company with patents it thinks it can use against Apple in that country. A March 2014 press release from BYD boasted that it had already amassed more than 12,000 domestic patents and over 8,000 international ones; the figures today are doubtless much higher. Amongst those domestic patents there are probably many that could come in handy for future legal action against other Western companies that assemble their products in China.

Those in the West who pushed China to show more "respect" for patents must be feeling so proud of the progress that Chinese companies have made in this regard, and so pleased now to see Apple being sued in local courts using China's patent laws.

from the I've-a-feeling-we're-not-in-Beijing-anymore dept

The smartphone sector is undergoing an upheaval at the moment, as Chinese manufacturers move up the global market share rankings. Already, the third, fourth and fifth places are occupied by Chinese companies: Huawei, Lenovo and Xiaomi. But it's the last of these that has emerged as the real star. Although Xiaomi was only founded in 2010, in 2014, the company sold 61 million phones, and hopes to sell 100 million in 2015. Much of that growth will come from outside China: Xiaomi has already started selling its products across Southeast Asia, especially in India, as well as in Mexico, Turkey, Russia and Brazil.

Now it is aiming to enter perhaps the toughest market of all: the US. But it knows that offering hugely-popular products at extremely competitive prices is not enough. If it wants to survive in the US -- never mind thrive -- there is one more thing that it must have, as this report in re/code explains:

Xiaomi international head Hugo Barra said on Thursday that the Chinese electronics company is looking to file more patents and strike more deals ahead of a launch into the U.S. market.

The move is essential if Xiaomi really wants to play in the U.S. and Europe, where intellectual property issues are taken seriously.

…

Xiaomi has already filed for 2,000 patents, Barra said in an interview with Bloomberg TV.

“Think of it as, like, a war chest of sorts,” Barra said, adding that the company is also systematically taking patent licenses, especially for standards-essential patents.

Well, "taking intellectual property issues" seriously is one way of putting it. You could also say that the US smartphone market has extremely high entry costs because of patent thickets, and that the only way to play there is to have your own patents that you can use as a bargaining chip with the other patent-holders. But it doesn't have to be this way. China's "gongkai" culture shows how rapid innovation can flourish in an environment where patents and copyright are largely ignored, and where every company builds on the work of others, and is built on in turn. And for those who think that the US approach is safer and easier to manage, it's worth considering the following comment in the re/code article:

Even if Xiaomi takes licenses for standards-essential patents from Ericsson and others, it still could face the type of legal action that Samsung faced from Apple.

In other words, companies that try to play strictly by US rules find out that the rules are not as clear-cut as they might seem. It will be interesting to see how Xiaomi fares in this strange new world, and whether the "war chest" it is busily acquiring is enough to protect it from the worst excesses of patent monopolies.

from the please-spy-on-our-behalf,-thx! dept

Considering the extent of its (most web-related) censorship efforts, South Korea must consider itself fortunate to be next-door neighbors with North Korea. Any time another censorship effort arrives, all the government has to say is, "Hey, at least we're not as bad as…" while pointing its index fingers in an upward/roughly northerly direction.

It blocks sites and web pages with gusto, subverting its own technological superiority by acting as a Puritanical parental figure. Not that it helps. Every time the government ropes off one area, citizens carve out another. Four years ago, it attempted to pass a law making government-approved computer security software installation mandatory, supposedly in hopes of heading up the enlistment of citizens' computers into botnet armies.

The app, "Smart Sheriff," was funded by the South Korean government primarily to block access to pornography and other offensive content online. But its features go well beyond that.

Smart Sheriff and at least 14 other apps allow parents to monitor how long their kids use their smartphones, how many times they use apps and which websites they visit. Some send a child's location data to parents and issue an alert when a child searches keywords such as "suicide," ''pregnancy" and "bully" or receives messages with those words.

Last month, South Korea's Korea Communications Commission, which has sweeping powers covering the telecommunications industry, required telecoms companies and parents to ensure Smart Sheriff or one of the other monitoring apps is installed when anyone aged 18 years or under gets a new smartphone. The measure doesn't apply to old smartphones but most schools sent out letters to parents encouraging them to install the software anyway.

Other trigger terms seem to do nothing more than give parents a reason to lock their kids up until they're old enough to move out:

Girl I like, boy I like, dating, boyfriend, girlfriend, breakup…

This new mandate is obviously creating a chilling effect. Some have noted the Smart Sheriff app may give government agencies access to minors' communications, all under the pretense of helping parents out. Nearly 80% of South Korean schoolchildren (teens and elementary students) own smartphones. That's a whole lot of communications potentially being delivered to law enforcement and intelligence agencies (if not also to schools and service providers).

As a result, smartphones are now no longer viewed as essential equipment by teenagers.

To get around the regulations, some students say they will wait until they turn 19 to get a new phone.

"I'd rather not buy a phone," said Paik Hyunsuk, 17. "It's violation of students' privacy and oppressing freedom."

Open Net Korea, which has tracked South Korean censorship efforts for years, has a translation of the law's stipulations, which not only requires installation of government-approved spyware apps, but also stipulates cell phone providers actively hassle parents who don't seem to be taking the mandated monitoring seriously.

(1) According to Article 32-7(1) of the Act, a telecommunication business operator entering into a contract on telecommunications service with a juvenile under the Juvenile Protection Act must provide means to block the juvenile’s access to the media products harmful to juveniles under the Juvenile Protection Act and the illegal obscene information under Article 44-7(1)1 of the ICNA (“Information harmful to juveniles”) through the telecommunication service on the juvenile’s mobile communications device such as a software blocking information harmful to juveniles.

(2) Procedures prescribed below must be followed when providing the blocking means under (1):

At the point of signing the contract: a. Notification to the juvenile and his/her legal representative regarding types and features of the blocking means; and b. Check on the installation of the blocking means.

After closing the contract:

Monthly notification to the legal representative if the blocking means was deleted or had not been operated for more than 15 days.

So, not only is it censorware and spyware, but it's also apparently nagware -- with telecom reps calling or emailing every month to remind parents to perform their duties as proxy surveillance operatives for the South Korean government.

from the recharge dept

Batteries are the bane of our mobile existence, limiting the usefulness of our devices and bottlenecking the power that can be built into them. External battery packs have unsurprisingly become a popular item, but with heavy usage they are just another device that needs to be regularly replaced, and another source of batteries that end up in the trash. For this week's awesome stuff, we're looking at the BETTER RE: a small piece of inspired engineering that aims to stem that waste and expense by making old smartphone batteries reusable as external battery packs.

The Good

BETTER RE is, quite simply, a universal smartphone battery adapter. You can hook up any battery inside the chassis and the BETTER RE lets you charge it up and use it to charge your devices. This just seems like a great idea. The creators rightly point out that device-churn has picked up the pace, and today the average smartphone is thrown out while its battery still has lots of life left. This is incredibly inefficient and expensive, not to mention a serious disposal headache and environmental concern — and now we're putting millions of additional external batteries in circulation alongside the phones themselves. The BETTER RE stems that tide from both directions, extending the usefulness of phone batteries and reducing the need for new externals. For the individual, it means a powerpack that lasts forever instead of wearing itself out — plus you can use it as a secondary charger, with quick and simple test functions, making it easier to have multiple phone batteries in rotation. There are also stackable expansion units, so you can amp up those old batteries to charge new, high-power devices.

At $50, the BETTER RE is not dirt-cheap but it seems quite reasonable when you consider that it won't need to be regularly replaced the way batteries themselves do. And as a cool bonus, the creators have been stockpiling and testing old batteries, and will throw them in for $10 a piece on top of the regular pledges.

The Bad

Even the BETTER RE can't truly free us from the tyranny of batteries. There are some obvious limitations to the device when compared to a dedicated high-power battery unit: though it's great for smaller phones, even with three units stacked it can't quite give a full charge to an iPad Air, and the charge it does give takes hours; though it's currently designed to work with just about any smartphone battery of any size, there's no guarantee that compatibility will remain; and, of course, more and more devices are being built with non-removable batteries, which could put the brakes on the entire idea. Because of all this, I actually suspect that the biggest markets for the BETTER RE won't be wealthy high-tech countries but rather parts of the world where cheaper, smaller phones still reign supreme — and that's not a problem, as many devices have found huge success and made a real impact by targeting such markets.

The Stylish

Function is what makes the BETTER RE interesting, but it bears mention that it's no slouch on the fashion front either. It's built from aluminum (in white or black, brushed or matte, all of which look very nice in the product shots) and walnut and maple hardwood. As a nice bonus, laser-engraving on the wood endpiece is included with most backer tiers.

from the about-time dept

Roughly every gamer who grew up in the glorious eighties and who also owns a smart phone has been completely flabbergasted that Nintendo, that icon of our youths, had so steadfastly resisted getting involved in mobile-device gaming unless the hardware had its logo slapped on the back. Add to that the company's drumbeat against emulators on phones and tablets that would allow gamers to play the amazing back-catalog of games-gone-by while simultaneously refusing to release any of those games for those devices themselves and at times it appears that Nintendo hates money. Recently, we even covered Nintendo's odd decision to go the opposite direction and port common smartphone and tablet games to Nintendo handheld hardware. This whole refusal to get with the times has come off as downright crazy.

Nintendo announced today that the company has entered into a "business and capital alliance" with Japanese online giant DeNA. As part of this alliance, the two companies will team up (a press release specifically mentions "joint development") to release "gaming applications for smart devices". These games will use Nintendo IP.

You may be thinking, "Duh, why wouldn't they do this?", but that's the question Nintendo fans have been asking for several years now. The fact is that the gaming giant has completely ignored the very existence of these mobile gaming platforms everyone has these days. Still, developing new games using Nintendo IP for phones and tablets is a nice move, but if it really takes off and it's successful? Perhaps that's when we'll finally see the back catalog of games open up officially.

And, while the wording is a bit vague and Nintendo insists it will continue being in the hardware business, check this Nintendo statement out.

Nintendo and DeNA expect to develop a new core system compatible with a variety of devices including PCs, smartphones and tablets as well as Nintendo's dedicated video game systems, and are to jointly develop a membership service utilizing this system, with a launch targeted for the fall of 2015. The companies expect to further enhance their customer relationships through the membership service.

Nintendo games possibly on the PC? It'd be a bold move, and a massive departure from the Nintendo of the past... and it would be smart as hell. Perhaps the gaming giant of my youth is finally embracing the present, if not the future.